Product Manual
Page 1
D-Link NetDefend firewall Security VPN Firewall NetDefend secured by Check Point User Guide Version 1.0 Revised: 01/17/2006
D-Link NetDefend firewall Security VPN Firewall NetDefend secured by Check Point User Guide Version 1.0 Revised: 01/17/2006
Product Manual
Page 2
..., Meta IP, MultiGate, Open Security Extension, OPSEC, Provider-1, SecureKnowledge, SecureUpdate, SiteManager-1, SVN, UAM, User-to-Address Mapping, UserAuthority, Visual Policy Editor, VPN-1, VPN-1 Accelerator Card, VPN-1 Gateway, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, and VPN-1 Edge are referring to know that what the Program does. 1. or its recipients to freedom, not price. Patent No. 5,606,668 and...
..., Meta IP, MultiGate, Open Security Extension, OPSEC, Provider-1, SecureKnowledge, SecureUpdate, SiteManager-1, SVN, UAM, User-to-Address Mapping, UserAuthority, Visual Policy Editor, VPN-1, VPN-1 Accelerator Card, VPN-1 Gateway, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, and VPN-1 Edge are referring to know that what the Program does. 1. or its recipients to freedom, not price. Patent No. 5,606,668 and...
Product Manual
Page 5
Contents Contents About This Guide ...xi Introduction ...1 About Your D-Link NetDefend firewall 1 NetDefend Secured by Check Point Product Family 2 NetDefend Features and Compatibility 2 Connectivity ...2 Firewall ...3 VPN ...4 Management...4 Optional Security Services...5 Power Pack Features ...5 Package Contents ...6 Network Requirements ...7 Getting to Know Your NetDefend firewall 8 Rear Panel ...8 Front Panel ...10 Getting to Know ...
Contents Contents About This Guide ...xi Introduction ...1 About Your D-Link NetDefend firewall 1 NetDefend Secured by Check Point Product Family 2 NetDefend Features and Compatibility 2 Connectivity ...2 Firewall ...3 VPN ...4 Management...4 Optional Security Services...5 Power Pack Features ...5 Package Contents ...6 Network Requirements ...7 Getting to Know Your NetDefend firewall 8 Rear Panel ...8 Front Panel ...10 Getting to Know ...
Product Manual
Page 10
... Remote Access VPNs ...301 Internal VPN Server...302 Setting Up Your NetDefend firewall as a VPN Server 303 Configuring the Remote Access VPN Server 305 Configuring the Internal VPN Server 306 Installing SecuRemote ...307 Adding and Editing VPN Sites ...308 Configuring a Remote Access VPN Site 311 Configuring a Site-to-Site VPN Gateway 324 Deleting a VPN Site ...340 vi D-Link NetDefend firewall...
... Remote Access VPNs ...301 Internal VPN Server...302 Setting Up Your NetDefend firewall as a VPN Server 303 Configuring the Remote Access VPN Server 305 Configuring the Internal VPN Server 306 Installing SecuRemote ...307 Adding and Editing VPN Sites ...308 Configuring a Remote Access VPN Site 311 Configuring a Site-to-Site VPN Gateway 324 Deleting a VPN Site ...340 vi D-Link NetDefend firewall...
Product Manual
Page 11
... Certificate ...345 Generating a Self-Signed Certificate 346 Importing a Certificate ...350 Uninstalling a Certificate ...352 Viewing VPN Tunnels ...353 Viewing IKE Traces for VPN Connections 356 Managing Users...359 Changing Your Password...359 Adding and Editing Users ...361 Adding Quick Guest HotSpot Users... 365 Viewing and Deleting Users ...367 Setting Up Remote VPN Access for Users 367 Using RADIUS Authentication...368 Configuring the RADIUS Vendor-Specific Attribute 372 Maintenance ...375 Viewing Firmware Status...375...
... Certificate ...345 Generating a Self-Signed Certificate 346 Importing a Certificate ...350 Uninstalling a Certificate ...352 Viewing VPN Tunnels ...353 Viewing IKE Traces for VPN Connections 356 Managing Users...359 Changing Your Password...359 Adding and Editing Users ...361 Adding Quick Guest HotSpot Users... 365 Viewing and Deleting Users ...367 Setting Up Remote VPN Access for Users 367 Using RADIUS Authentication...368 Configuring the RADIUS Vendor-Specific Attribute 372 Maintenance ...375 Viewing Firmware Status...375...
Product Manual
Page 17
Chapter 1: Introduction 1 This chapter includes the following topics: About Your D-Link NetDefend firewall 1 NetDefend Secured by Check Point Product Family includes both wired and wireless models. By supporting integrated VPN capabilities, the NetDefend firewall allows teleworkers and road warriors to securely connect to the office network, and enables secure interconnection of purchasing static...
Chapter 1: Introduction 1 This chapter includes the following topics: About Your D-Link NetDefend firewall 1 NetDefend Secured by Check Point Product Family includes both wired and wireless models. By supporting integrated VPN capabilities, the NetDefend firewall allows teleworkers and road warriors to securely connect to the office network, and enables secure interconnection of purchasing static...
Product Manual
Page 18
... NetDefend series includes the following hardware models: • DFL-CP310 Security VPN Firewall • DFL-CPG310 Wireless Security VPN Firewall You can upgrade your reseller for console access and... dialup modem connection • Supported Internet connection methods: Static IP, DHCP Client, Cable Modem, PPTP Client, PPPoE Client, Telstra BPA login, Dialup • Concurrent firewall connections: 8,000 • DHCP server, client, and relay • MAC cloning 2 D-Link...
... NetDefend series includes the following hardware models: • DFL-CP310 Security VPN Firewall • DFL-CPG310 Wireless Security VPN Firewall You can upgrade your reseller for console access and... dialup modem connection • Supported Internet connection methods: Static IP, DHCP Client, Cable Modem, PPTP Client, PPPoE Client, Telstra BPA login, Dialup • Concurrent firewall connections: 8,000 • DHCP server, client, and relay • MAC cloning 2 D-Link...
Product Manual
Page 20
...monitoring VPN The NetDefend series includes the following features: • Remote Access VPN Server with OfficeMode and RADIUS support • Remote Access VPN Client • Site to Site VPN Gateway • IPSEC VPN pass-...Based Secure RNG (Random Number Generator) • IPSec NAT traversal (NAT-T) • Route-based VPN • Backup VPN gateways Management The NetDefend series includes the following features: • Management via HTTP, HTTPS, SSH,... tools: Ping, WHOIS, Packet Sniffer, VPN Tunnel Monitor, Connection Table Monitor, Wireless Monitor, Active Computers Display, Local Logs...
...monitoring VPN The NetDefend series includes the following features: • Remote Access VPN Server with OfficeMode and RADIUS support • Remote Access VPN Client • Site to Site VPN Gateway • IPSEC VPN pass-...Based Secure RNG (Random Number Generator) • IPSec NAT traversal (NAT-T) • Route-based VPN • Backup VPN gateways Management The NetDefend series includes the following features: • Management via HTTP, HTTPS, SSH,... tools: Ping, WHOIS, Packet Sniffer, VPN Tunnel Monitor, Connection Table Monitor, Wireless Monitor, Active Computers Display, Local Logs...
Product Manual
Page 21
...; Web Filtering • Email Antivirus and Antispam Protection • VStream Embedded Antivirus Updates • VPN Management • Security Reporting • Vulnerability Scanning Service Power Pack Features The table below describes the differences between the standard DFL-CP310 and DFL-CPG310 with Power Pack Advanced 150/30 Chapter 1: Introduction 5 Basic - - 100/20 - Feature High Availability...
...; Web Filtering • Email Antivirus and Antispam Protection • VStream Embedded Antivirus Updates • VPN Management • Security Reporting • Vulnerability Scanning Service Power Pack Features The table below describes the differences between the standard DFL-CP310 and DFL-CPG310 with Power Pack Advanced 150/30 Chapter 1: Introduction 5 Basic - - 100/20 - Feature High Availability...
Product Manual
Page 22
... Portal (SMP). Package Contents The NetDefend series package includes the following: • D-Link NetDefend firewall VPN Firewall • Power adapter • CAT5 Straight-through Ethernet cable • Getting Started Guide • This User Guide 6 D-Link NetDefend firewall User Guide NetDefend Features and Compatibility Feature DFL-CP310/CPG310 DFL-CP310/CPG310 with Power Pack VLAN (Port/Tag-based) -
... Portal (SMP). Package Contents The NetDefend series package includes the following: • D-Link NetDefend firewall VPN Firewall • Power adapter • CAT5 Straight-through Ethernet cable • Getting Started Guide • This User Guide 6 D-Link NetDefend firewall User Guide NetDefend Features and Compatibility Feature DFL-CP310/CPG310 DFL-CP310/CPG310 with Power Pack VLAN (Port/Tag-based) -
Product Manual
Page 27
... the rear panel of your NetDefend firewall. Getting to Know Your NetDefend firewall LED VPN Serial State LINK/ACT On, 100 On LNK/ACT Flashing Flashing (Green) Flashing (Green) Explanation 100 Mbps link established for supplying power to the unit. Table 3: NetDefend firewall Rear Panel Elements ...Label Description PWR A power jack used for the corresponding port Data is being transmitted/received VPN port in use Serial port in use Getting...
... the rear panel of your NetDefend firewall. Getting to Know Your NetDefend firewall LED VPN Serial State LINK/ACT On, 100 On LNK/ACT Flashing Flashing (Green) Flashing (Green) Explanation 100 Mbps link established for supplying power to the unit. Table 3: NetDefend firewall Rear Panel Elements ...Label Description PWR A power jack used for the corresponding port Data is being transmitted/received VPN port in use Serial port in use Getting...
Product Manual
Page 30
Contacting Technical Support LED VPN Serial USB WLAN State LINK/ACT On, 100 On LNK/ACT Flashing Flashing (Green) Flashing (Green) Flashing (Green) Flashing (Green) Explanation 100 Mbps link established for the corresponding port Data is being transmitted/received VPN port in use Serial port in use USB port in use WLAN in use Contacting Technical Support If there is a problem with your NetDefend firewall, see http://support.dlink.com/. You can also download the latest version of this guide from the site. 14 D-Link NetDefend firewall User Guide
Contacting Technical Support LED VPN Serial USB WLAN State LINK/ACT On, 100 On LNK/ACT Flashing Flashing (Green) Flashing (Green) Flashing (Green) Flashing (Green) Explanation 100 Mbps link established for the corresponding port Data is being transmitted/received VPN port in use Serial port in use USB port in use WLAN in use Contacting Technical Support If there is a problem with your NetDefend firewall, see http://support.dlink.com/. You can also download the latest version of this guide from the site. 14 D-Link NetDefend firewall User Guide
Product Manual
Page 64
...to manage NetDefend users. The differences are using. It displays the fields below, as well as the date and time. 48 D-Link NetDefend firewall User Guide Provides context-sensitive help. Status Bar The status bar is located at the bottom of the NetDefend Portal. ...Using the NetDefend Portal This submenu... Provides a set of tools for managing your network settings and Internet connections. Allows you to VPN sites. Network Setup Users VPN Help Logout Does this guide. These elements sometimes differ depending on to log off of each page. Allows you to manage, ...
...to manage NetDefend users. The differences are using. It displays the fields below, as well as the date and time. 48 D-Link NetDefend firewall User Guide Provides context-sensitive help. Status Bar The status bar is located at the bottom of the NetDefend Portal. ...Using the NetDefend Portal This submenu... Provides a set of tools for managing your network settings and Internet connections. Allows you to VPN sites. Network Setup Users VPN Help Logout Does this guide. These elements sometimes differ depending on to log off of each page. Allows you to manage, ...
Product Manual
Page 99
... for probing the connection, by selecting one hop away. Send RDP echo requests to up to three Check Point VPN gateways specified by IP address or DNS name in the 1, 2, and 3 fields. Use this option if you have Check Point... VPN gateways, and you have reliable servers that can be down . For example, if there is a problem with a different...Setup In this ... This is considered to fail simultaneously (that are a good indicator of Internet connectivity. • Probe VPN Gateway (RDP).
... for probing the connection, by selecting one hop away. Send RDP echo requests to up to three Check Point VPN gateways specified by IP address or DNS name in the 1, 2, and 3 fields. Use this option if you have Check Point... VPN gateways, and you have reliable servers that can be down . For example, if there is a problem with a different...Setup In this ... This is considered to fail simultaneously (that are a good indicator of Internet connectivity. • Probe VPN Gateway (RDP).
Product Manual
Page 100
...Connection on setting up a dialup modem 1. If you chose the Ping Addresses connection probing method, type the IP addresses or DNS names of the desired VPN gateways. Setting Up a Dialup Modem You can clear a field by clicking Clear. To set up a dialup backup connection, see Rear Panel. 2. ...In this field... 1, 2, 3 Do this... This is useful in the main menu, and click the Ports tab. 84 D-Link NetDefend firewall User Guide If you chose the Probe VPN Gateway (RDP) connection probing method, type the IP addresses or DNS names of the desired servers. Connect a regular or ISDN...
...Connection on setting up a dialup modem 1. If you chose the Ping Addresses connection probing method, type the IP addresses or DNS names of the desired VPN gateways. Setting Up a Dialup Modem You can clear a field by clicking Clear. To set up a dialup backup connection, see Rear Panel. 2. ...In this field... 1, 2, 3 Do this... This is useful in the main menu, and click the Ports tab. 84 D-Link NetDefend firewall User Guide If you chose the Probe VPN Gateway (RDP) connection probing method, type the IP addresses or DNS names of the desired servers. Connect a regular or ISDN...
Product Manual
Page 110
... Configuration Protocol) server. Note: The DHCP server only serves computers that are configured to use a DHCP server on the Internet or via a VPN, instead of the DHCP address range. If you cannot have a DHCP server in DHCP relay mode, the NetDefend firewall relays information from the ...desired DHCP server to the devices on page 129. 94 D-Link NetDefend firewall User Guide Note: You can configure DHCP relay. For information, see Using Network Objects on your network. When in your network...
... Configuration Protocol) server. Note: The DHCP server only serves computers that are configured to use a DHCP server on the Internet or via a VPN, instead of the DHCP address range. If you cannot have a DHCP server in DHCP relay mode, the NetDefend firewall relays information from the ...desired DHCP server to the devices on page 129. 94 D-Link NetDefend firewall User Guide Note: You can configure DHCP relay. For information, see Using Network Objects on your network. When in your network...
Product Manual
Page 126
... and authenticates. This may lead to the following problems: • VPN Clients on the same subnet, and they therefore attempt to communicate directly over the local network, instead of through the secure VPN link. • Some networking protocols or resources may require the client's IP... address to be installed on the VPN clients. Configuring Network Settings Configuring the OfficeMode Network By default, VPN Clients connect to the VPN Server using an Internet IP ...
... and authenticates. This may lead to the following problems: • VPN Clients on the same subnet, and they therefore attempt to communicate directly over the local network, instead of through the secure VPN link. • Some networking protocols or resources may require the client's IP... address to be installed on the VPN clients. Configuring Network Settings Configuring the OfficeMode Network By default, VPN Clients connect to the VPN Server using an Internet IP ...
Product Manual
Page 170
... assign traffic to this class by default. Note: If you create an Allow rule associating all outgoing VPN traffic with the Urgent QoS class, then Traffic Shaper will handle outgoing VPN traffic as telnet. 154 D-Link NetDefend firewall User Guide For (Interactive Traffic) example, IP telephony, videoconferencing, and interactive protocols that is enabled...
... assign traffic to this class by default. Note: If you create an Allow rule associating all outgoing VPN traffic with the Urgent QoS class, then Traffic Shaper will handle outgoing VPN traffic as telnet. 154 D-Link NetDefend firewall User Guide For (Interactive Traffic) example, IP telephony, videoconferencing, and interactive protocols that is enabled...
Product Manual
Page 178
... to 105dBm, over 20 dB more information on environment). 162 D-Link NetDefend firewall User Guide The DFL-CPG310 also supports a special Super G mode that both new and old adapters of these standards are interoperable. The DFL-CPG310 transmits in 802.11b/g access point that allows up to 1 km... (3200 ft) outdoors, with the firewall and hardware-accelerated VPN. In addition, the NetDefend firewall supports a special extended range (XR) ...
... to 105dBm, over 20 dB more information on environment). 162 D-Link NetDefend firewall User Guide The DFL-CPG310 also supports a special Super G mode that both new and old adapters of these standards are interoperable. The DFL-CPG310 transmits in 802.11b/g access point that allows up to 1 km... (3200 ft) outdoors, with the firewall and hardware-accelerated VPN. In addition, the NetDefend firewall supports a special extended range (XR) ...
Product Manual
Page 181
...a RADIUS server. If you want to use 802.1X or WPA security mode for a wireless connection as a VPN Server on page 303. For information, see Internal VPN Server on page 302 and Setting Up Your NetDefend firewall as described in Network Installation on each computer in the ...see Using RADIUS Authentication on page 168. Manually Configuring a WLAN Note: For increased security, it is recommended to enable the NetDefend internal VPN Server for users connecting from the WLAN to the LAN are encrypted and authenticated. Click Network in the WLAN. This ensures that all connections...
...a RADIUS server. If you want to use 802.1X or WPA security mode for a wireless connection as a VPN Server on page 303. For information, see Internal VPN Server on page 302 and Setting Up Your NetDefend firewall as described in Network Installation on each computer in the ...see Using RADIUS Authentication on page 168. Manually Configuring a WLAN Note: For increased security, it is recommended to enable the NetDefend internal VPN Server for users connecting from the WLAN to the LAN are encrypted and authenticated. Click Network in the WLAN. This ensures that all connections...